Bug 1518939 - RFE: Extend IPA to support unadvertised replicas
Status: ON_QA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: IPA Maintainers
QA Contact: ipa-qe
Blocks: 1647919
Reported: 2017-11-29 19:59 UTC by Brian J. Atkisson
Modified: 2019-03-30 06:44 UTC (History)

Fixed In Version: ipa-4.6.5-2.el7

Links
System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3687541 None None None 2018-11-13 11:15:34 UTC

Description Brian J. Atkisson 2017-11-29 19:59:01 UTC
Description of problem:

For background: http://post-office.corp.redhat.com/archives/idm-tech/2017-November/msg00441.html

As part of our deployment, we have a few IPA replicas that we do not want users hitting directly for IPA client registration and day-to-day queries (hosts designed as backup servers, KRA, etc.). There appears to be no way to exclude servers from being returned to clients during auto-discovery.

Even with using DNS Locations, all replicas are returned to the client, just at a higher priority value.  There should be some way to mark an IPA server as 'unadvertised' and not included in any SRV records.

This would be useful for replicas dedicated to backups, CRL, KRA or other admin activities.

Thanks!

Comment 3 Florence Blanc-Renaud 2017-12-06 13:34:49 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/7307

Comment 6 Florence Blanc-Renaud 2019-03-29 09:11:29 UTC
Fixed upstream:
ipa-4-6:

    cb85342 Add hidden replica feature
    016c47f ipatests: Exercise hidden replica feature
    7691162 Simplify and improve tests
    da9f62d Implement server-state --state=enabled/hidden
    d12cca4 Consider hidden servers as role provider
    ed00466 Improve config-show to show hidden servers
    131c1ab More test fixes
    bcf70c5 Don't allow to hide last server for a role
    d8d6799 Synchronize hidden state from IPA master role
    e40d92f Test replica installation from hidden replica
    d1eb4c7 Add design draft
    a0f00e6 Don't fail if config-show does not return servers
    aa3f60b Unify and simplify LDAP service discovery
    aba0fce Use api.env.container_masters
    ec94a68 Consolidate container_masters queries

ipa-4-7:
    ddf8e16 Add hidden replica feature
    f96f4a1 ipatests: Exercise hidden replica feature
    585bc52 Simplify and improve tests
    f3daa45 Implement server-state --state=enabled/hidden
    0bf26c5 Consider hidden servers as role provider
    de1a075 Improve config-show to show hidden servers
    3e2fb21 More test fixes
    dc2a5ec Don't allow to hide last server for a role
    87f9119 Synchronize hidden state from IPA master role
    467ceaf Test replica installation from hidden replica
    66c961d Add design draft
    c76620e Don't fail if config-show does not return servers


master:
    025facb Add hidden replica feature
    0770d8a ipatests: Exercise hidden replica feature
    99133eb Simplify and improve tests
    94b8635 Implement server-state --state=enabled/hidden
    d810e1f Consider hidden servers as role provider
    56d97f9 Improve config-show to show hidden servers
    f839d3c More test fixes
    e7e0f19 Don't allow to hide last server for a role
    8b1bb21 Synchronize hidden state from IPA master role
    e04dc9a Test replica installation from hidden replica
    d727321 Add design draft
    713c9b0 Don't fail if config-show does not return servers

Comment 7 Florence Blanc-Renaud 2019-03-29 09:49:59 UTC
ipa-4-7:
    b4bade0 Unify and simplify LDAP service discovery
    885cb17 Use api.env.container_masters
    99eb7e0 Consolidate container_masters queries
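
A check for the behaviour requested in this bug, as an added example that is not part of the bug report or of FreeIPA's code: it parses SRV answers in the format printed by dig +noall +answer and reports every replica meant to be unadvertised that auto-discovery would still return, including ones that only appear at a higher priority value. The function names, host names and sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One SRV answer line: owner TTL IN SRV priority weight port target
SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+\d+\s+IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$"
)

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_srv(answer_text):
    """Yield (owner, priority, port, target) per SRV line; skip anything else."""
    for line in answer_text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            yield norm(m["owner"]), int(m["prio"]), int(m["port"]), norm(m["target"])

def leaked_replicas(answer_text, unadvertised):
    """Hypothetical helper: map each unadvertised host that still appears as
    an SRV target to the sorted (owner, priority) pairs that expose it."""
    wanted = {norm(h) for h in unadvertised}
    leaks = defaultdict(list)
    for owner, prio, _port, target in parse_srv(answer_text):
        if target in wanted:
            leaks[target].append((owner, prio))
    return {host: sorted(recs) for host, recs in leaks.items()}

# Constructed sample answers, not captured from a real deployment.
# backup1 is returned at priority 50 instead of 0, but it is still returned.
SAMPLE = """\
; SRV answers for example.test
_ldap._tcp.example.test.     86400 IN SRV 0 100 389 ipa1.example.test.
_ldap._tcp.example.test.     86400 IN SRV 50 100 389 Backup1.Example.Test.
_kerberos._udp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
_kerberos._udp.example.test. 86400 IN SRV 50 100 88 backup1.example.test.
"""

if __name__ == "__main__":
    hidden = ["backup1.example.test", "kra1.example.test"]
    for host, recs in leaked_replicas(SAMPLE, hidden).items():
        for owner, prio in recs:
            print(f"{host} still advertised by {owner} (priority {prio})")
```

An empty result for every service queried means the listed replicas are absent from the SRV data that clients use for discovery.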

